Spring is at the door, and finally the endless winter is coming to an end. I am just wondering if the crooks are starting to enjoy the first rays of sun, given the relatively low level of attacks in the first half of March.

Effectively, for the first time since several months, no massive breaches have been recorded. But don’t get carried away: the second half of March has begun in the worst possible way with the gigantic breach suffered by Premera (definitely a deja vu).

In any case, during the first half of the month, there have been several remarkable attacks driven by criminal intentions, however none of them has achieved the levels we have been used to in the previous months (not for long unfortunately).

Shifting to hacktivism, the Pro-Palestinian collective Anonghost was back in action, and even the Anonymous were back from stealth mode. However the most active actors have been the pro-isis hackers, who have defaced hundreds of Western sites, forcing the FBI to investigate these incidents. It is impossible to count all the victims, so just a special mention for them.

The Cyber Espionage has maybe offered the most peculiar attack, consisting in the hijacking of the internet traffic for 167 important British Telecom customers (including a UK defense contractor) towards Ukraine, before reaching their final destination. Even if the key question probably remains unsolved: was this a gigantic routing blunder or a very large scale attack?

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Here we go with the aggregated statistics extracted from the Cyber Attacks Timelines of February 2015 (Part I and Part II).

As we normally do, let’s start from the Country Distribution Chart, which is led, as usual, by the United States. All the other countries are essentially aligned on the same level, with the sole exception of the United Kingdom, which slightly emerges over the others.

The Daily Trend of Attacks shows quite a heterogeneous distribution throughout the month. After a slow start, two peaks emerge on the 10th and the 14th.

Even in February, Cyber Crime is on top of the Motivations Behind Attacks Chart, increasing its percentage to 73.8% from the 67.4% of January. Hacktivism slows down to 19% (from 29.2%), whereas Cyber Espionage jumps to 7.1% (was 1.1% in January).

For the second month in a row SQLi ranks on top of the Attack Technique Distribution Chart with 25.3% (was 33.7% on January). Account Hijackings and Defacements swap their positions and complete the podium for the known attacks despite the third place of Defacements is in co-location with Targeted Attacks (quite a remarkable result).

For the sixth month in a row, industry ranks on top of the Distribution of Targets chart with 26.2%, a value comparable to the 28.1% of the previous month). Single Individuals rank at number two (13.6%) and Organizations at number three (11.9%). Curiously this month Governmental targets are outside the podium, slightly ahead of Educational (and Financial) targets.

The Industry Drill Down chart is extremely fragmented, however the terrible moment for the E-Commerce sites continues. On the other hand, the Non-Profit institutions are the preferred targets for the Organizations, as reported in the corresponding Drill Down chart.

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Like this:

It’s time for the second timeline of February (first timeline here) covering the main cyber attacks occurred between 16 and 28 February 2015 (including also several few attacks that actually happened in the first 15 days).

With only 13 days available, this is normally the timeline with less activity. Not this year actually, since despite the shorter period, the number of reported attacks is undoubtedly remarkable.

If you look at the targeted attacks, you’ll be spoiled for choice: several remarkable operations (The Equation Group setting new standards in term of sophistication, Operation Rapid Viper against Israel and Operation Desert Falcons against several companies and individuals in Middle East), and a cyber attack, purportedly originating from China against the Dutch Chip Manufacturer ASML.

Even looking at Cyber Crime, you’ll be spoiled for choice as well. The Lizard Squad is back with an original retaliation against Lenovo, in the wake of the Superfish affair: they hacked the registrar that procured the Lenovo address, using that illegitimate access to hijack, shortly after, the lenovo.com domain. Other remarkable events include the admission of a breach by TalkTalk, involving potentially 4 million customers, a breach to Uber, putting at risk 50,000 past and present drivers, and other two cases of Bitcoin Exchange sites hacked (in particular Canada based Cavirtex is forced to shut down, whereas the losses for the Chinese Bter amount to $1.75 million.

Last but not least, nothing particular meaningful to mention for what concerns hacktivism: several sparse operation with no significant impact.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

I was delivering to Anthem the very unwelcome prize for the first massive breach of 2015, when the Operation Carbanak has brought an unexpected tail to this first half of February.

These two events have undoubtedly characterized this timeline and overshadowed all the others: on one hand, a massive cyber attack (allegedly carried on by Chinese hackers) targeting one of the largest US ensurers, able to scoop up 80 million records. On the other hand, a sophisticated long lasting campaign, stealing more than $300 million on 100 banks in 30 nations.

It is very hard to choose which one deserves the (not so) coveted prize, in any case a consideration is worth: there could not have been a worst way to begin this 2015 Infosec year.

Moving on along the timeline, other interesting events appear, such as the compromising of the Forbes web site (again Flash is on the spot) by a Chinese APT Group dubbed Codoso, a “mobile tail” of the Operation Pawn Storm, now spreading to iOS devices, and eventually an unprecedented campaign targeting Syrian rebels using a combination of fake social media and Skype accounts associated with fictional female characters.

In background, as usual, multiple events driven by hacktivism, whose most remarkable one is undoubtedly the massive campaign carried on by the Anonymous collective, aimed to erase hundreds of pro-ISIS accounts and profiles from the Cyber Space (in particular from Facebook and Twitter).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

It is time to summarize the data collected into the January 2015 Cyber Attacks timelines (Part I and Part II) into valuable statistics.

Many readers keep on asking where the information used to create the stats comes from. The answer is always the same: the statistics are created elaborating the timelines that I collect (approximately) on a bi-weekly basis and I publish on this blog (see also the Cyber Attacks Master Index).

I cannot be exhaustive, but at least my intention is just to provide an overview of the Threat Landscape, reporting the attacks that gained space in the media.

Moving to the data, as usual, the United States lead the Country Distribution chart for each category. The surprises of this month are France and UK, which win the “silver medal” having suffered an unusual number of cyber attacks by Pro-Islamist hacktivists, but also a number of “more traditional” attacks related to cyber crime, a number well above the average.

The Daily Trend of Attacks Chart shows an initial peak, a new concentration of activity in the middle of the month, followed by a decreasing trend with a partial revamp towards the end.

Cyber Crime is always on top of the Motivations Behind Attacks Chart, even if with a small decrease in comparison with December (67.4% vs 72.6%). All in favor of hacktivism, which bumped up to 29.2% from 17.8%. On the opposite site, Cyber Espionage is well below the noticeable 8.8% of December.

Sometimes it comes back! I am obviously talking about SQLi, which, after several months in the shadow, ranks on top of the Attack Technique Distribution Chart (and even with quite an important value (33.7%). Defacements and Account Hijackings complete the podium for the known attacks.

For the fifth month in a row, industry ranks unchallenged on top of the Distribution of Targets chart (but the 28.1% recorded this month is notably smaller than the 47.9% reported in December). Governmental targets rank at number two, and educational institutions are at the third place exactly just like one month ago.

Once again, E-commerce leads the drill-down chart for the industrial targets, whereas Non-Profit are on top of the corresponding chart for organizations.

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Like this:

It’s time for the second part of the January Cyber Attacks Timeline (Part I here).

In comparison with the first half of the month, in absolute terms, these two weeks have seen a slightly smaller number of attacks. However, even if the general trend has shown a decrease, the hacktivists (most of all the pro-Islamist ones) have been equally very active (and the French evening newspaper Le Monde, fallen under the keystrokes of the infamous Syrian Electronic Army, is the most illustrious victim).

Turning the attention to Cyber Crime, the most important event related to this category is probably the leak of 700,000 accounts from the Australian travel insurer Aussie Travel Cover. Of course there are many other background events, but no one reached an impact as noticeable as that.

Last but not least, I have not recorded noticeable events or campaigns related to Cyber Espionage.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

It’s now time for the first chart of this 2015, a year that has begun in the worst way even from an Information Security perspective, given the high number of attacks recorded in the first half of January.

Unfortunately the sad events happened in Paris have inevitably conditioned this period: France has been the target of an unprecedented number of cyber attacks (approximately 19,000) allegedly carried on by Islamist hackers and strictly related with the events of the Charlie Hebdo. Nearly in contemporary, the Anonymous have declared war against the IS-IS and have taken down several Jiahdist sites. In the meantime the pro IS-IS hackers of the Cyber Caliphate have found the time to hijack the Twitter account of the CENTCOM: the US military command that oversees operations in the Middle East.

France has also been one of the main targets for Cyber Criminals, since the most remarkable breach of this two weeks has hit the shopping site of TF1, the most important local TV stations (nearly 2 million records possibly compromised). There is also indication of a possible attack to the Spanish affiliate of Orange, but it has not been confirmed.

Other noticeable events of this period concern a possible breach to the EA/Origin service, another (failed) attempt to blackmail a bank, perpetrated by the infamous Rex Mundi collective, and, on a different scale a massive malvertising campaign targeting sites with a combined total monthly traffic of around 1.5 billion visitors.

However, at least for once, I have not recorded events related to Cyber Espionage.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Interesting Links

About This Blog

In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.

Every information is reported with its source.

Anyone intending to use the information contained in my posts is free to do so, provided my blog is mentioned in your article.